authorLibravatar startx2017 <vradu.startx@yandex.com>2018-09-06 08:56:58 -0400
committerLibravatar startx2017 <vradu.startx@yandex.com>2018-09-06 08:56:58 -0400
commit0adf8f882ccd6f306f9d76ae2b599ab41bee6471 (patch)
tree608321b0cb8f7eaee5d03b968f8b8a3f4ae89099
parentfinal cleanup (diff)
downloadfirejail-0adf8f882ccd6f306f9d76ae2b599ab41bee6471.tar.gz
firejail-0adf8f882ccd6f306f9d76ae2b599ab41bee6471.tar.zst
firejail-0adf8f882ccd6f306f9d76ae2b599ab41bee6471.zip
final cleanup
-rwxr-xr-xconfigure19
-rw-r--r--configure.ac11
-rw-r--r--src/common.mk.in3
-rw-r--r--src/firejail/join.c1
-rw-r--r--src/firejail/main.c12
5 files changed, 2 insertions, 44 deletions
diff --git a/configure b/configure
index 089615384..ac7d64058 100755
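--- a/configure
+++ b/configure
@@ -633,7 +633,6 @@ HAVE_WHITELIST
 HAVE_USERNS
 HAVE_NETWORK
 HAVE_GLOBALCFG
-HAVE_BIND
 HAVE_SECCOMP
 EXTRA_LDFLAGS
 EGREP
@@ -696,7 +695,6 @@ ac_user_opts='
 enable_option_checking
 enable_apparmor
 enable_seccomp
-enable_bind
 enable_globalcfg
 enable_network
 enable_userns
@@ -1337,7 +1335,6 @@ Optional Features:
  --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
  --enable-apparmor enable apparmor
  --disable-seccomp disable seccomp
- --disable-bind disable bind
  --disable-globalcfg if the global config file firejail.cfg is not
  present, continue the program using defaults
  --disable-network disable network
@@ -3085,8 +3082,6 @@ fi
 
 
 # LTS marker
-EXTRA_CFLAGS+=" -DLTS "
-
 
 HAVE_SPECTRE="no"
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc or clang compiler" >&5
@@ -3572,19 +3567,6 @@ if test "x$enable_seccomp" != "xno"; then :
 
 fi
 
-HAVE_BIND=""
-# Check whether --enable-bind was given.
-if test "${enable_bind+set}" = set; then :
- enableval=$enable_bind;
-fi
-
-if test "x$enable_bind" != "xno"; then :
-
- HAVE_BIND="-DHAVE_BIND"
-
-
-fi
-
 HAVE_GLOBALCFG=""
 # Check whether --enable-globalcfg was given.
 if test "${enable_globalcfg+set}" = set; then :
@@ -4941,7 +4923,6 @@ echo " seccomp: $HAVE_SECCOMP"
 echo " <linux/seccomp.h>: $HAVE_SECCOMP_H"
 echo " apparmor: $HAVE_APPARMOR"
 echo " global config: $HAVE_GLOBALCFG"
-echo " bind: $HAVE_BIND"
 echo " network: $HAVE_NETWORK"
 echo " user namespace: $HAVE_USERNS"
 echo " whitelisting: $HAVE_WHITELIST"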
diff --git a/configure.ac b/configure.ac
index a6bc44318..1660c2011 100644
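--- a/configure.ac
+++ b/configure.ac
@@ -9,8 +9,6 @@ AC_PROG_INSTALL
 AC_PROG_RANLIB
 
 # LTS marker
-EXTRA_CFLAGS+=" -DLTS "
-
 
 HAVE_SPECTRE="no"
 AC_MSG_CHECKING(for Spectre mitigation support in gcc or clang compiler)
@@ -63,14 +61,6 @@ AS_IF([test "x$enable_seccomp" != "xno"], [
  AC_SUBST(HAVE_SECCOMP)
 ])
 
-HAVE_BIND=""
-AC_ARG_ENABLE([bind],
- AS_HELP_STRING([--disable-bind], [disable bind]))
-AS_IF([test "x$enable_bind" != "xno"], [
- HAVE_BIND="-DHAVE_BIND"
- AC_SUBST(HAVE_BIND)
-])
-
 HAVE_GLOBALCFG=""
 AC_ARG_ENABLE([globalcfg],
  AS_HELP_STRING([--disable-globalcfg], [if the global config file firejail.cfg is not present, continue the program using defaults]))
@@ -161,7 +151,6 @@ echo " seccomp: $HAVE_SECCOMP"
 echo " <linux/seccomp.h>: $HAVE_SECCOMP_H"
 echo " apparmor: $HAVE_APPARMOR"
 echo " global config: $HAVE_GLOBALCFG"
-echo " bind: $HAVE_BIND"
 echo " network: $HAVE_NETWORK"
 echo " user namespace: $HAVE_USERNS"
 echo " whitelisting: $HAVE_WHITELIST"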
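Review bot: The `# LTS marker` comment near the top of configure.ac is left with nothing under it once `EXTRA_CFLAGS+=" -DLTS "` is removed; drop the comment as well, or replace it with a line recording that the LTS define is gone. The same section removes the `--disable-bind` switch and the `HAVE_BIND` substitution, so a packager who still passes `--disable-bind` presumably gets only autoconf's unrecognized-option warning and an otherwise normal build. If any `#ifdef HAVE_BIND` or `#ifdef LTS` guard is still present under src/ (not visible on this page), its selected branch changes silently with this commit, which matters for a setuid sandbox, so grep for both macros before merging. The regenerated configure and the src/common.mk.in section carry the same removal.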
diff --git a/src/common.mk.in b/src/common.mk.in
index 64fe2b85a..95f375256 100644
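--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -10,7 +10,6 @@ VERSION=@PACKAGE_VERSION@
 NAME=@PACKAGE_NAME@
 HAVE_SECCOMP_H=@HAVE_SECCOMP_H@
 HAVE_SECCOMP=@HAVE_SECCOMP@
-HAVE_BIND=@HAVE_BIND@
 HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
 HAVE_NETWORK=@HAVE_NETWORK@
 HAVE_USERNS=@HAVE_USERNS@
@@ -24,7 +23,7 @@ C_FILE_LIST = $(sort $(wildcard *.c))
 OBJS = $(C_FILE_LIST:.c=.o)
 BINOBJS = $(foreach file, $(OBJS), $file)
 
-CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_APPARMOR) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
+CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_APPARMOR) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
 EXTRA_CFLAGS +=@EXTRA_CFLAGS@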
diff --git a/src/firejail/join.c b/src/firejail/join.c
index e78cc96fa..b22a6e054 100644
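--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -214,7 +214,6 @@ pid_t switch_to_child(pid_t pid) {
 void join(pid_t pid, int argc, char **argv, int index) {
  EUID_ASSERT();
  char *homedir = cfg.homedir;
- pid_t parent = pid;
 
  extract_command(argc, argv, index);
  signal (SIGTERM, signal_handler);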
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 2f25b6ede..594a6d83c 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -685,10 +685,7 @@ int main(int argc, char **argv) {
685 int prog_index = -1; // index in argv where the program command starts 685 int prog_index = -1; // index in argv where the program command starts
686 int lockfd_network = -1; 686 int lockfd_network = -1;
687 int lockfd_directory = -1; 687 int lockfd_directory = -1;
688 int option_cgroup = 0;
689 int custom_profile = 0; // custom profile loaded 688 int custom_profile = 0; // custom profile loaded
690 int arg_seccomp_cmdline = 0; // seccomp requested on command line (used to break out of --chroot)
691 int arg_caps_cmdline = 0; // caps requested on command line (used to break out of --chroot)
692 689
693 // drop permissions by default and rise them when required 690 // drop permissions by default and rise them when required
694 EUID_INIT(); 691 EUID_INIT();
@@ -849,7 +846,6 @@ int main(int argc, char **argv) {
849 } 846 }
850 arg_seccomp = 1; 847 arg_seccomp = 1;
851 cfg.seccomp_list = seccomp_check_list(argv[i] + 10); 848 cfg.seccomp_list = seccomp_check_list(argv[i] + 10);
852 arg_seccomp_cmdline = 1;
853 } 849 }
854 else 850 else
855 exit_err_feature("seccomp"); 851 exit_err_feature("seccomp");
@@ -862,7 +858,6 @@ int main(int argc, char **argv) {
862 } 858 }
863 arg_seccomp = 1; 859 arg_seccomp = 1;
864 cfg.seccomp_list_drop = seccomp_check_list(argv[i] + 15); 860 cfg.seccomp_list_drop = seccomp_check_list(argv[i] + 15);
865 arg_seccomp_cmdline = 1;
866 } 861 }
867 else 862 else
868 exit_err_feature("seccomp"); 863 exit_err_feature("seccomp");
@@ -875,7 +870,6 @@ int main(int argc, char **argv) {
875 } 870 }
876 arg_seccomp = 1; 871 arg_seccomp = 1;
877 cfg.seccomp_list_keep = seccomp_check_list(argv[i] + 15); 872 cfg.seccomp_list_keep = seccomp_check_list(argv[i] + 15);
878 arg_seccomp_cmdline = 1;
879 } 873 }
880 else 874 else
881 exit_err_feature("seccomp"); 875 exit_err_feature("seccomp");
@@ -894,10 +888,8 @@ int main(int argc, char **argv) {
894 exit_err_feature("seccomp"); 888 exit_err_feature("seccomp");
895 } 889 }
896#endif 890#endif
897 else if (strcmp(argv[i], "--caps") == 0) { 891 else if (strcmp(argv[i], "--caps") == 0)
898 arg_caps_default_filter = 1; 892 arg_caps_default_filter = 1;
899 arg_caps_cmdline = 1;
900 }
901 else if (strcmp(argv[i], "--caps.drop=all") == 0) 893 else if (strcmp(argv[i], "--caps.drop=all") == 0)
902 arg_caps_drop_all = 1; 894 arg_caps_drop_all = 1;
903 else if (strncmp(argv[i], "--caps.drop=", 12) == 0) { 895 else if (strncmp(argv[i], "--caps.drop=", 12) == 0) {
@@ -907,7 +899,6 @@ int main(int argc, char **argv) {
907 errExit("strdup"); 899 errExit("strdup");
908 // verify caps list and exit if problems 900 // verify caps list and exit if problems
909 caps_check_list(arg_caps_list, NULL); 901 caps_check_list(arg_caps_list, NULL);
910 arg_caps_cmdline = 1;
911 } 902 }
912 else if (strncmp(argv[i], "--caps.keep=", 12) == 0) { 903 else if (strncmp(argv[i], "--caps.keep=", 12) == 0) {
913 arg_caps_keep = 1; 904 arg_caps_keep = 1;
@@ -916,7 +907,6 @@ int main(int argc, char **argv) {
916 errExit("strdup"); 907 errExit("strdup");
917 // verify caps list and exit if problems 908 // verify caps list and exit if problems
918 caps_check_list(arg_caps_list, NULL); 909 caps_check_list(arg_caps_list, NULL);
919 arg_caps_cmdline = 1;
920 } 910 }
921 911
922 912